Re: ucom panic

On Fri, May 28, 2004 at 07:17:05AM +0900, YONETANI Tomokazu wrote:
> On Thu, May 27, 2004 at 03:26:22PM +0200, Eirik Nygaard wrote:
> > On Thu, May 27, 2004 at 08:15:44PM +0900, YONETANI Tomokazu wrote:
> > > Hello.
> > > After the device layer rollup commit, ucom driver panics when
> > > I disconnect from a tip(1) session. Attached is the backtrace
> > > from the panic. The problem is that ucomclose() is releasing
> > > tp->t_dev too early, and ucomstop() passes it to minor()
> > > without chacking the value, resulting in a NULL-pointer dereference.
> > > I'm not sure how to fix this, but I think you have to push down
> > > the following block in usbclose()
> > >
> > > if (tp->t_dev) {
> > > release_dev(tp->t_dev);
> > > tp->t_dev = NULL;
> > > }
> > >
> > > down to somewhere after the label `quit:'.
> >
> > That fix looks right as far as I can tell. Have you tried it out?
> > If not, could you do it, and let me know if it does work so I can commit
> > it?
>
> I was at work and didn't have time to do so, and unfortunately
> the USB serial adapter is in a different place now. I'll do it
> as soon as I get it back.
Attached patch does stop the panic, but I still get warnings from
ucom when it's unloaded:
Jun 2 17:07:06 gzl /kernel: ucom: Warning: cdevsw_remove() called while 1 devic
e refs still exist! (major 138)